fb085cf1d4
It turns out that the BUG_ON() in fs/exec.c: de_thread() is unreliable
and can trigger due to the test itself being racy.
de_thread() does
while (atomic_read(&sig->count) > count) {
}
.....
.....
BUG_ON(!thread_group_empty(current));
but release_task does
write_lock_irq(&tasklist_lock)
__exit_signal
(this is where atomic_dec(&sig->count) is run)
__exit_sighand
__unhash_process
takes write lock on tasklist_lock
remove itself out of PIDTYPE_TGID list
write_unlock_irq(&tasklist_lock)
so there's a clear (although small) window between the
atomic_dec(&sig->count) and the actual PIDTYPE_TGID unhashing of the
thread.
And actually there is no need for all threads to have exited at this
point, so we simply kill the BUG_ON.
Big thanks to Marc Lehmann who provided the test-case.
Fixes Bug 5170 (http://bugme.osdl.org/show_bug.cgi?id=5170)
Signed-off-by: Alexander Nyberg <alexn@telia.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Andrew Morton <akpm@osdl.org>
Cc: Ingo Molnar <mingo@elte.hu>
Acked-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
||
|---|---|---|
| .. | ||
| 9p | ||
| adfs | ||
| affs | ||
| afs | ||
| autofs | ||
| autofs4 | ||
| befs | ||
| bfs | ||
| cifs | ||
| coda | ||
| cramfs | ||
| debugfs | ||
| devfs | ||
| devpts | ||
| efs | ||
| exportfs | ||
| ext2 | ||
| ext3 | ||
| fat | ||
| freevxfs | ||
| fuse | ||
| hfs | ||
| hfsplus | ||
| hostfs | ||
| hpfs | ||
| hppfs | ||
| hugetlbfs | ||
| isofs | ||
| jbd | ||
| jffs | ||
| jffs2 | ||
| jfs | ||
| lockd | ||
| minix | ||
| msdos | ||
| ncpfs | ||
| nfs | ||
| nfs_common | ||
| nfsd | ||
| nls | ||
| ntfs | ||
| openpromfs | ||
| partitions | ||
| proc | ||
| qnx4 | ||
| ramfs | ||
| reiserfs | ||
| relayfs | ||
| romfs | ||
| smbfs | ||
| sysfs | ||
| sysv | ||
| udf | ||
| ufs | ||
| vfat | ||
| xfs | ||
| aio.c | ||
| attr.c | ||
| bad_inode.c | ||
| binfmt_aout.c | ||
| binfmt_elf_fdpic.c | ||
| binfmt_elf.c | ||
| binfmt_em86.c | ||
| binfmt_flat.c | ||
| binfmt_misc.c | ||
| binfmt_script.c | ||
| binfmt_som.c | ||
| bio.c | ||
| block_dev.c | ||
| buffer.c | ||
| char_dev.c | ||
| compat_ioctl.c | ||
| compat.c | ||
| dcache.c | ||
| dcookies.c | ||
| direct-io.c | ||
| dnotify.c | ||
| dquot.c | ||
| eventpoll.c | ||
| exec.c | ||
| fcntl.c | ||
| fifo.c | ||
| file_table.c | ||
| file.c | ||
| filesystems.c | ||
| fs-writeback.c | ||
| inode.c | ||
| inotify.c | ||
| ioctl.c | ||
| ioprio.c | ||
| Kconfig | ||
| Kconfig.binfmt | ||
| libfs.c | ||
| locks.c | ||
| Makefile | ||
| mbcache.c | ||
| mpage.c | ||
| namei.c | ||
| namespace.c | ||
| nfsctl.c | ||
| open.c | ||
| pipe.c | ||
| posix_acl.c | ||
| quota_v1.c | ||
| quota_v2.c | ||
| quota.c | ||
| read_write.c | ||
| readdir.c | ||
| select.c | ||
| seq_file.c | ||
| stat.c | ||
| super.c | ||
| xattr_acl.c | ||
| xattr.c | ||